[JAVA] spring boot access authorization RESTful API

Overview

Set the permissions required to access a specific URL

environment

JDK 1.8.0_144 spring-boot 1.5.10 spring-security 4.2.4

Prerequisites

Obtain authority information in advance when logging in. (Because it's not there this time) This time it is assumed that you can already get ADMIN authority.

Where to implement

SecurityConfig --Controller method

Implementation

SecurityConfig

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //...
}

Annotate the existing (isn't it?) SecurityConfig class @EnableGlobalMethodSecurity(prePostEnabled = true) To add.

--Controller method

@PreAuthorize("hasAuthority('ADMIN')")
//Controller
public void sampleAuth() {
    //…
}

Annotation @PreAuthorize("hasAuthority('ADMIN')") If you add, this Controller method will only be accessible to users with "ADMIN" privileges.

Characteristics of @PreAuthorize

Expressions are available For example, if you only want to authorize requests from users with [ADMIN] and [MEMBER] privileges @PreAuthorize("hasAuthority('ADMIN OR hasAuthority('MEMBER')") You can use it. In addition to this, [AND] [OR] [NOT (!)] Etc. can be used.

Recommended Posts

spring boot access authorization RESTful API

Spring Boot: Restful API sample project

Implement REST API in Spring Boot

Spring Boot Form

Spring Boot Memorandum

gae + spring boot

◆ Get API created by Spring Boot from React

Create a web api server with spring boot

SPRING BOOT learning record 01

Spring Boot + Heroku Postgres

Automatically map DTOs to entities with Spring Boot API

Hello World (REST API) with Apache Camel + Spring Boot 2

Spring boot memo writing (1)

Access the built-in h2db of spring boot with jdbcTemplate

[Spring Boot] Get user information with Rest API (beginner)

First Spring Boot (DI)

SPRING BOOT learning record 02

Spring Boot exception handling

Spring Boot Servlet mapping

Spring boot development-development environment-

Spring Boot learning procedure

Customize REST API error response with Spring Boot (Part 2)

Learning Spring Boot [Beginning]

Spring boot memo writing (2)

Spring Boot 2.2 Document Summary

[Spring Boot] DataSourceProperties $ DataSourceBeanCreationException

Introduce swagger-ui to REST API implemented in Spring Boot

Spring Boot 2.3 Application Availability

Spring boot tutorials Topics

Customize REST API error response with Spring Boot (Part 1)

Download with Spring Boot

Handle Java 8 date and time API with Thymeleaf with Spring Boot

Implement REST API with Spring Boot and JPA (Application Layer)

Implement REST API with Spring Boot and JPA (Infrastructure layer)

Minimum configuration sample of RESTful API in Jersey + Spring Framework

Let's make a simple API with EC2 + RDS + Spring boot ①

How to call and use API in Java (Spring Boot)

Try hitting the zip code search API with Spring Boot

Implement REST API with Spring Boot and JPA (domain layer)

Implement a simple Rest API with Spring Security & JWT with Spring Boot 2.0

[Spring Boot] Environment construction (macOS)

Try Spring Boot from 0 to 100.

Generate barcode with Spring Boot

Hello World with Spring Boot

Spring Boot on Microsoft Azure

Implement GraphQL with Spring Boot

Spring Boot tutorial task schedule

Spring 5 & Spring Boot 2 Hands-on preparation procedure

Get started with Spring boot

Spring Boot 2 multi-project in Gradle

[Spring Boot] Web application creation

spring boot port duplication problem

Run LIFF with Spring Boot

SNS login with Spring Boot

Spring Boot Hot Swapping settings

Introduction to Spring Boot ① ～ DI ～

File upload with Spring Boot

Spring Boot starting with copy

Introduction to Spring Boot ② ~ AOP ~

CICS-Run Java application-(4) Spring Boot application

Spring Boot starting with Docker